Pages

Wednesday, 18 April 2018

Rsyslog UDP/TCP

There is a small, but important catch when you configure rsyslog - the protocol at the end of the config. For the classic UDP set on @ for TCP @@

 # The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

 # Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron

 # Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

 # Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

 # Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

 $ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @IP:514

References:
https://devops.profitbricks.com/tutorials/configure-remote-logging-with-rsyslog/
http://unix.stackexchange.com/questions/280697/rsyslog-not-forwarding-messages-to-remote-rsyslog-server
http://serverfault.com/questions/667728/configure-and-test-rsyslog-to-udp-socket
http://xmodulo.com/configure-rsyslog-client-centos.html

Posted by at
Labels: ,